Auroboros Privacy Policy

Last Updated: November 01, 2021

We are strongly committed to letting you know how we will collect and use your personal information. The policies below are applicable to data and information collected when you use the site published by Auroboros, all email newsletters published or distributed by Auroboros, when you make a purchase,  and all other interactive features and communications provided by Auroboros (“Vault”). However, accessed and/or used, that are operated by us, made available by us (collectively “Auroboros” or “we”, “us”, or “our”).
If you are a resident of the European Union you are protected by and enjoy rights under the European Union’s General Data Protection Regulation 2016/679 (“GDPR”). If you are a resident of the United Kingdom, you are protected by and enjoy rights under the UK Data Protection Act of 2018 (DPA 2018).This privacy policy applies to personal information which is collected and/or used by Auroboros in its capacity as a data controller and/or data processor as defined in the GDPR and DPA 2018. 
Irrespective of your residency status, if Auroboros uses your personally identifiable information (“PII”) then you have important rights which you can exercise, depending on how and why Auroboros uses your information. If you have any questions about how we interact with your personal information, please contact
This Privacy Policy sets out how and why we collect, store, use, transfer and disclose information and how you may access your personal information and correct it. This Privacy Policy also explains the use of cookies on our Vaults such as, any other linked and related network, ecosystem, pages, content, features, products, and tools offered by us via any kind of digital Vault.
For the purposes of the GPDR and DPA 2018, the relevant legal entity is Auroboros Ltd. and our nominated Data Protection Officer can be reached at (please include ‘Personal Data’ in the email subject).

We reserve the right to modify or amend the terms of our Privacy Policy from time to time with notice. If we intend to apply the modifications or amendments to this Privacy Policy retroactively or to personal information already in our possession, we will provide you with notice of the modifications or amendments for your review and acceptance. If any changes do not reduce or diminish your rights, your continued use of our Vault,  requesting our assistance or the provision of further personal information to us (directly or via an authorised person) after any change in this Privacy Policy will constitute your acceptance of such change. If we make significant changes to this Privacy Policy, we will provide a more prominent notice of the changes, such as by emailing you.

Where do we collect information from?
We collect information, both general and personal, in a number of ways, as detailed in this Privacy Policy, which is derived from or accessed chiefly those using the Vaults (in particular account holders) but may also comprise other categories such as event guests. Auroboros collects information including PII, some web analytics, and transactions.
In the case of PII, we collect information only insofar as it is and remains necessary to fulfil the purpose of your interaction with us. We do not use or disclose PII other than as described in this Privacy Policy.
You may refuse to provide us with PII, and you may object to our collection of information, however this may impact your ability to use or benefit from our Vault, and our ability to provide you with support or assistance.
You must not provide us with the personal information about another person unless you have first obtained that person’s prior consent to do so and you have told them their personal information will be handled in accordance with this Privacy Policy (including where to find it).

Auroboros as a Data Controller
Auroboros is a data controller in that it determines the purposes for which, and the way in which, personal data is collected and processed.
Use of the Auroboros Vault ("Auroboros") requires acceptance of our site terms of use located at
In respect of personal information collected via the Vault, your continued use of the Vault constitutes your understanding of, and your agreement to, the practices described in this privacy policy and elsewhere on the websites as well as any subsequent updates.

Auroboros as a Data Processor
Auroboros may also be a data processor in that it deals with personal data provided by, and as instructed by, a data controller (such as a payment gateway) for specific purposes. In such cases, data is provided to us in strict confidence and subject to restrictive undertakings on its use and disclosure.

When do we collect data?
We collect information about you when you:
Use the website, or other aspect of the Vault
Contact Auroboros, whether or not you engage with Auroboros for business purposes
Attend an event hosted or sponsored by Auroboros, whether online or offline
Display an NFT purchased from Auroboros
Sign up for email newsletters

Why do we collect data?
Auroboros collects data in order to make informed strategic and relevant decisions for ourselves and on behalf of our customers. As further described below, we use the Personal Information we collect to:
Make the Platform work and enable you to buy unique digital art;
Provide you with critical updates, confirmations, or security alerts;
Provide support or respond to your comments or questions;
What information do we collect?
We collect two basic types of information from you in conjunction with your use of the Vault, personal information, and non-personal information. Personal information is information that you supply to us, when you use our Vault, you provide us with PII that may include your name, email address, phone number, your Ethereum (or other blockchain) wallet address, location, username, password, and any other information you directly provide us on or through the Services. This includes information you provide when you register or create an account, or request for customer service.

Personal information is any information that can individually identify you and includes, among other things, your name, e-mail address, telephone number, postal address, credit card, billing, and contact information. Non-personal information includes information that does not personally identify you, but it may include tracking and usage information about your location, demographics, use of the Vault, and the Internet.
In addition, when you interact with the Vault, we may collect certain information that does not identify you individually and our servers may automatically keep an activity log of your use of our Vault (“Non-Personal Information”). Generally, we collect and store the following categories of Non-Personal Information:
Non-identifiable demographic data such as age, gender, and five-digit zip code as part of collecting personal information, Device information about your computer, browser, mobile device, or other devices that you use to access the Vault. This information may include IP address, geolocation information, unique device identifiers, browser type, browser language, and other transactional information, Analytics and usage information about your use of the Vault, Additional “traffic data” and log files such as time of access, date of access, software crash reports, session identification number, access times, and referring Vault addresses, Other information regarding your use of the Vault.
We collect information to enable you to receive the benefits of our Vault as set forth in our TOS.
Subject to this Privacy Policy and your data preferences, we may use the information we collect for some or all of the following purposes:

Carrying out our obligations and to provide you with agreed products and services;
Administering your access to our Vaults;
Maintaining, troubleshooting, and improving our Vaults;
Security for our Vaults;
Meeting our legal, regulatory, and tax reporting obligations;
Communicating with you about our Vaults, such as to notifying of changes and updates, alert you to data or security breaches, and to provide you with customer support;
distributing promotional and marketing material that is relevant to you; and
Any other uses identified to you at the time of collecting your personal information or as reasonably contemplated by this Privacy Policy and our Terms,(“Purposes”).
Where the use of personal or PII is not necessary for any of the Purposes we will process PII using an automated process in such a way as to render it non-personally identifiable before use (pseudonymisation).
Who Do We Provide Your Information To? 
PII we collect stays within the Auroboros family, other than in the following circumstances:

When you give us explicit consent to share your data;
When we share it with our affiliates, partners, and other trusted organisations we work with;
When we share it with trusted external service providers and data processors such as data centres, web hosts, cloud storage and cloud software providers, customer support providers, payment processors, debt collectors, accountants, and insurers who meets our data protection standards;;
When we share it with prospective sellers or buyers of our business or assets; or
When we share it with regulators and other relevant parties for the purpose of legal or contractual compliance, reporting purposes, when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or the rights of third parties or the public at large or to protect the vital interest of others, when we have reason to believe that doing so will prevent harm to someone or illegal activities.
Our current categories of service providers and partners are:
Hosting/infrastructure/storage providers;
Payment processors;
Email providers;
Internal communication tools providers.

How long do we keep your information and when is deleted the personal data?
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
Transaction information will be retained for a minimum period of 5 years following the date of the transaction, and for a maximum period of 10 years following the date of the transaction.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
Account information, Content information will be retained until you decide to delete your account in Auroboros Vault;
Information about you used for Product & Marketing communication will be retained as long as you have given us consent to use this information;
The period of retention of usage information will be determined based on the need for historical data to determine statistical validity and relevance for product decisions and technical monitoring.
Regardless of the provisions above, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. If you have any questions about the termination or deactivation of your account, please contact us directly at

Your right of access
You may access and review any personal information we hold about you. On your specific request we will be able to, as soon as reasonably possible, provide you with some or all of (as requested) the following information, where available:

Personal data about you that is in our possession or under our control and the source of such data;
The ways in which your personal data has been or may have been used or processed by us, during the two years preceding the date of the request;
The ways in which your personal data has been or may have been disclosed by us, and information on to whom or to which categories of recipients such data has been disclosed, during the two years preceding the date of the request;
How long we expect to hold on to your data, or if specific information is not available, the criteria we use to determine such a time period; and
The purpose of any use, processing, or disclosure
However, we reserve the right not to provide you with your personal data or other related information if providing it could reasonably be expected to:

Threaten the safety or physical or mental health of another individual;
Cause immediate or grave harm to your safety, physical or mental health;
Reveal personal data about another individual;
Reveal the identity of an individual who has provided personal data about another individual and the individual providing the personal data does not consent to the disclosure of his identity; or
Affect the prevention, investigation, detection, and prosecution of criminal offences, or of breaches of ethics for regulated professions; or
Be contrary to national and public security, defence needs, or the national interest (including important economic, financial, monetary, budgetary and taxation matters).
If you wish to exercise your right of access, you should contact us at and we will respond to your request within 5 business days of the request being made. We aim to process all requests within a month for simple requests, however complex and/or voluminous requests may take up to three months to process. If we deny you access, we will provide our reason for doing so at the time of your request.
We do not typically charge a fee for reasonable requests for access to your personal information. However, we may charge a reasonable fee, which will be notified to you before we move forward with the request, for time and cost in the following circumstances:

If an extended amount of time is required to collate and prepare material for you; and
If you wish to receive and we are able to provide hard copies or physical media (i.e. CDs, USB drives or other storage media).

Your right to rectification and erasure
Please contact us at as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete, up-to-date, no longer necessary for the purpose for which it was collected or processed, or lacks a valid legal ground for processing so that we can update your file accordingly.
Depending on the circumstance we may change, erase, or block from use any inaccurate, incomplete, or outdated information. We may require documentary proof or evidence for certain requests.
We will process any legitimate requests to correct inaccurate data as soon as practicable, and incomplete data within a reasonable time frame, and send the update personal data to other organisations to which the data was disclosed during the year preceding the date of the correction, unless it is impossible, involves disproportionate effort, the other organisations no longer require the corrected personal data for any legal or business purpose, or you otherwise agree that we do not need to resend the corrected information to any other organisation.
Right to object to the collection of personal data due to your personal situation
You may object to collection of specific personal data on limited grounds due to your personal situation. Please contact us at if you wish to make such a request, along with details of your personal situation and your reasons for objection. We will respond to all requests within a reasonable time frame. If we disallow your objection, we will inform you of our reasons for doing so.

We take all reasonable steps within our control to ensure that the personal information we hold about you is accurate.
We also take reasonable steps to ensure that the information is complete and up-to-date. However, we also rely on you to advise us of any changes to your personal information.

Protection of personal data
We take seriously the security of your data and will aim to take all steps that may be necessary to ensure that your personal information is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.Personal Information collected by our Vault is stored in secure operating environments that are not available to the public.
Our security procedures mean that we may occasionally request proof of identity before we disclose your Personal Information to you. Please understand, however, that while we try our best to safeguard your Personal Information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. To the extent permitted by Applicable law, we expressly exclude any liability arising from any unauthorised access to your personal information.
We will inform you without undue delay unless the risk to your individual rights and freedoms is low—such as if the compromised data was well encrypted.
Please contact us at immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.
What Steps Are Taken To Keep Personal Information Secure? 
We are concerned about ensuring the security of your Personal Information. We exercise great care in providing secure transmission of your information from your device to our servers. Personal Information collected by our Vault is stored in secure operating environments that are not available to the public.
Retention of personal data
We will cease to retain documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the Purpose for which that personal data was collected or further processed is no longer being served by retention of the personal data.

Information Security And Storage

We receive data collected locally by Auroboros and collect data online directly from individuals in countries around the world. We may process that data on servers globally. We have put recognized protections in place for the transfer of data from Auroboros Company in the UK to our servers in the United Kingdom (“UK”).

We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Please be aware, though, that no security measures are perfect or impenetrable. You remain responsible for protecting your username and password and for the security of information you transmit to us over the Internet.

We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:

Maintain business records for analysis and/or audit purposes.
Comply with record retention requirements under the law or other relevant legal or regulatory requirements.
Defend or bring any existing or potential legal claims.
Deal with any complaints regarding the services.
Preserve historical records of transactions and property.
We will delete your personal information when it is no longer required for these purposes.
How Can We Transfer Internationally Your Personal Information? EEA  Residents

Your personal data may be transferred to countries outside the European Economic Area (EEA). Auroboros, its Affiliates, or service providers may transfer information that we collect about you, including personal information across borders and from your country or jurisdiction to other countries or jurisdictions around the world. We and our other group companies have offices and facilities in the United Kingdom. The hosting facilities for Account and Usage information stored by Auroboros are situated in the United Kingdom. For International Transfer to the United Kingdom is necessary, the transfer will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which can be obtained from

Children’s Data

Our websites are directed to adults. We do not accept children as clients or knowingly collect data about them.

A cookie is a small text file that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences), so you don’t have to keep re-entering them whenever you come back to the Vaults or browse from one page to another.
Use of Cookies and Other Tracking Technologies We do not use any cookies for any purpose, including “session” cookies, “persistent” cookies, flash cookies, web storage, web beacons, or other technology that tracks you. We may use certain technologies to monitor traffic, improve the Apps, and make it easier and/or relevant for your use, but none of these technologies track you or identify you.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
You can control and/or delete cookies as you wish—for details, see You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our Vaults and some services and functionalities may not work.

Business transfer
If we, or substantially all of our assets, were acquired, or in the event that we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge and agree that if such transfers occur, that any acquirer of our business may continue to use your personal information as set forth in this Privacy Policy.

Links to third party websites
Our Vault may contain links to and from third party websites.
If you click on such links, you do so at your own risk and subject to whatever privacy policy and/or website terms may govern the use of such websites. We have no control over, and are not responsible, nor liable for, the content, privacy practices or website terms of such websites or any information you provide to them.
You should read the privacy policy of these third parties to find out how they handle your personal information when you visit their websites.

Privacy complaints
If you believe that we have breached your privacy rights in any way, or you would like to discuss any issues about our Privacy Policy please contact us at . All such enquiries or complaints will be taken seriously and will be handled as soon as reasonably practicable and/or make improvements to our systems and processes.